<?php
require_once "common.php";

// Check the login state before anything else. checkauth() comes from
// common.php; the dispatcher below treats an empty $_SGLOBAL['supe_uid']
// as "not logged in" (presumably set by common.php/checkauth() — confirm).
checkauth();

// Allow-list of admin sub-pages: the key is the `cp` query parameter and the
// page loaded is admin/<key>.php, so only these names can ever reach include.
// Keep this list in sync with the files under admin/.
$admin_menu = array(
	'index' => '首页',        // home
	'setting' => '全局设置',  // global settings
	'product' => '产品中心',  // product centre
	'customer' => '客户中心', // customer centre
	'uploadimg' => '图片上传', // image upload
);

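/**
 * Return $_POST[$field] when it is an array, else an empty array.
 * Keeps the foreach loops below quiet on a hand-crafted or truncated request.
 */
function admin_post_array($field) {
	if(isset($_POST[$field]) && is_array($_POST[$field])){
		return $_POST[$field];
	}
	return array();
}

/**
 * Return trim($_POST[$field][$key]) or '' when that entry is absent or not a
 * scalar. Used for the per-row admin_member fields (password[uid], ...).
 */
function admin_post_item($field, $key) {
	if(isset($_POST[$field][$key]) && !is_array($_POST[$field][$key])){
		return trim($_POST[$field][$key]);
	}
	return '';
}

/**
 * Collect the name/img pairs posted for one of the customer-page lists
 * ($_POST[$field]['name'][i] / $_POST[$field]['img'][i]).
 * Rows whose trimmed name is empty() are dropped (as before); a missing img
 * is kept as null. Returns a list of array('name' => ..., 'img' => ...).
 */
function admin_collect_named_images($field) {
	$rows = array();
	$list = admin_post_array($field);
	if(!isset($list['name']) || !is_array($list['name'])){
		return $rows;
	}
	foreach($list['name'] as $key => $name){
		$name = trim($name);
		if(empty($name)){
			continue;
		}
		$img = isset($list['img'][$key]) ? $list['img'][$key] : null;
		$rows[] = array('name' => $name, 'img' => $img);
	}
	return $rows;
}

// Request dispatcher for the admin panel. Every branch is terminal: it handles
// one POST/GET action and then redirects or includes a page and exits. The
// order of the chain matters — the "not logged in" branch gates everything
// after it, only the login action runs unauthenticated.
//
// NOTE(review): no CSRF token is checked on any state-changing branch; whether
// common.php/checkauth() adds one cannot be seen here — confirm, otherwise
// every action is forgeable from another origin while an admin is logged in.
// NOTE(review): the WHERE clauses marked "interpolated" splice request values
// straight into SQL. The $_SGLOBAL['db'] wrapper exposes no parameter binding,
// and this codebase may already escape the superglobals in common.php
// (magic-quotes style); confirm that, otherwise each marked query is
// SQL-injectable and needs escaping at the call site.
if(isset($_POST['action']) && $_POST['action'] == 'login'){
	// Credentials go to login() from common.php (rate limiting / lockout, if
	// any, lives there). Missing fields are passed as '' rather than raising
	// an undefined-index notice.
	$username = isset($_POST['username']) ? $_POST['username'] : '';
	$password = isset($_POST['password']) ? $_POST['password'] : '';
	login($username, $password);
	header("location: admin.php");
	exit;
} elseif(!$_SGLOBAL['supe_uid']){
	// Not authenticated: show the login form; nothing below is reachable.
	include_once 'admin/login.php';
	exit;
} elseif(isset($_POST['action']) && $_POST['action'] == 'setting'){
	// Upsert every key/value of the global settings form.
	foreach(admin_post_array('setting') as $name => $value){
		$value = trim($value);
		// interpolated: $name is the form's array key
		$res = $_SGLOBAL['db']->result_first("select `name` from ".tname("setting")." where `name`='$name'");
		if(!empty($res)){
			updatetable('setting', array('value' => $value), array('name' => $name));
		} else {
			inserttable('setting', array('value' => $value, 'name' => $name));
		}
	}
	header("location: admin.php?cp=setting");
	exit;
} elseif(isset($_POST['action']) && $_POST['action'] == 'customer'){
	// The two customer-page lists are stored serialized under one setting
	// row each. An empty list is now stored as an empty array instead of the
	// serialized null the undefined variable produced before.
	$logomade = serialize(admin_collect_named_images('logomade'));
	inserttable('setting', array('value' => $logomade, 'name' => 'logomade'), 0, true);
	$technics = serialize(admin_collect_named_images('technics'));
	inserttable('setting', array('value' => $technics, 'name' => 'technics'), 0, true);
	header("location: admin.php?cp=customer");
	exit;
} elseif(isset($_POST['action']) && $_POST['action'] == 'product'){
	// --- product types: add / rename / delete ---
	if(!empty($_POST['add_name'])){
		$name = $_POST['add_name'];
		// interpolated: $name comes from the form
		$res = $_SGLOBAL['db']->result_first("select `name` from ".tname("product_type")." where `name`='$name'");
		if(empty($res)){
			$rootid = isset($_POST['add_rootid']) ? $_POST['add_rootid'] : 0;
			inserttable('product_type', array('rootid' => $rootid, 'name' => $name));
		}
	}
	$old_name = isset($_POST['old_name']) ? $_POST['old_name'] : '';
	if(!empty($_POST['edit_name']) && $_POST['edit_name'] != $old_name){
		$name = $_POST['edit_name'];
		// interpolated: $old_name comes from the form
		$res = $_SGLOBAL['db']->result_first("select `name` from ".tname("product_type")." where `name`='$old_name'");
		if(!empty($res)){
			$rootid = isset($_POST['edit_rootid']) ? $_POST['edit_rootid'] : 0;
			updatetable('product_type', array('rootid' => $rootid, 'name' => $name), array('name' => $old_name));
		}
	} elseif(empty($_POST['edit_name']) && $old_name !== ''){
		// A blanked-out name means "delete this type". The old_name guard
		// avoids issuing `delete ... where name=''` when the form posted
		// neither field.
		// interpolated: $old_name comes from the form
		$_SGLOBAL['db']->query("delete from ".tname("product_type")." where name='$old_name'");
	}

	// --- existing products: keyed by product id ---
	foreach(admin_post_array('product') as $key => $p){
		if(!is_array($p)){
			continue;
		}
		$typeid = isset($p['typeid']) ? $p['typeid'] : 0;
		$pname = isset($p['name']) ? $p['name'] : '';
		$indexnum = isset($p['indexnum']) ? $p['indexnum'] : 0;
		updatetable('product', array('typeid' => $typeid, 'name' => $pname, 'indexnum' => $indexnum), array('id' => (int)$key));
	}

	// --- new product ---
	if(!empty($_POST['product_name'])){
		$name = $_POST['product_name'];
		$typeid = isset($_POST['typeid']) ? $_POST['typeid'] : 0;
		$indexnum = isset($_POST['product_indexnum']) ? $_POST['product_indexnum'] : 0;
		inserttable('product', array('typeid' => $typeid, 'name' => $name, 'indexnum' => $indexnum));
	}
	header("location: admin.php?cp=product");
	exit;
} elseif(isset($_POST['action']) && $_POST['action'] == 'uploadimg'){
	$type = isset($_POST['type']) ? $_POST['type'] : '';
	$file = null;
	if($type == 'product'){
		if(isset($_FILES['upload']) && $_FILES['upload']['size'] > 0){
			$file = $_FILES['upload'];
		}
	} else {
		// The original guarded on $_FILES['upload'] but then read
		// $_FILES['Filedata'] (the uploadify field name), so this branch only
		// worked when both were posted. Accept either field.
		if(isset($_FILES['Filedata']) && $_FILES['Filedata']['size'] > 0){
			$file = $_FILES['Filedata'];
		} elseif(isset($_FILES['upload']) && $_FILES['upload']['size'] > 0){
			$file = $_FILES['upload'];
		}
	}
	if($file !== null){
		include_once 'source/Image.class.php';
		include_once 'source/UploadFile.class.php';
		include_once 'source/UploadFileImage.class.php';
		// NOTE(review): $imgsize is not defined in this file; whatever
		// common.php set (null if nothing) is passed to upload() — confirm the
		// intended size limits apply. Content-type/extension checks are the
		// upload class's responsibility and cannot be verified from here.
		if($type == 'product'){
			$UploadFileImage = new UploadFileImage('images/product');
			$UploadFileImage->setIsRename(true);
			try {
				$imageuri = $UploadFileImage->upload($file, $imgsize);
				$pid = isset($_POST['pid']) ? (int)$_POST['pid'] : 0;
				inserttable("product_img", array('pid' => $pid, 'img' => $imageuri[0], 'img_big' => $imageuri[1], 'img_small' => $imageuri[2]));
			} catch (uploadFileException $e) {
				// NOTE(review): output here precedes the redirect header below;
				// without output buffering the redirect is lost.
				echo $e;
			}
		} else {
			$UploadFileImage = new UploadFileImage('images/upload');
			try {
				$imageuri = $UploadFileImage->upload($file, $imgsize);
			} catch (uploadFileException $e) {
				echo $e;
			}
		}
	}
	header("location: admin.php?cp=product");
	exit;
} elseif(isset($_GET['do']) && $_GET['do'] == 'delproduct'){
	// Cast first, then test: a non-numeric id used to pass the `> 0` string
	// comparison and then become 0, deleting rows with pid/id = 0.
	$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
	if($id > 0){
		// Remove the image files, then the rows. The paths come from
		// product_img, written by the uploadimg branch above; nothing here
		// confines them to images/, so any other writer of that table could
		// make this unlink arbitrary files — confirm or add a prefix check.
		$imgs = $_SGLOBAL['db']->fetch_all("select * from ".tname("product_img")." where pid=$id");
		foreach($imgs as $img){
			@unlink($img['img']);
			@unlink($img['img_big']);
			@unlink($img['img_small']);
		}
		$_SGLOBAL['db']->query("delete from ".tname("product_img")." where pid=$id");
		$_SGLOBAL['db']->query("delete from ".tname("product")." where id=$id");
	}
	header("location: admin.php?cp=product");
	exit;
} elseif(isset($_GET['do']) && $_GET['do'] == 'delimg'){
	$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
	if($id > 0){
		// Same unlink caveat as delproduct: paths are trusted from the table.
		$img = $_SGLOBAL['db']->fetch_first("select * from ".tname("product_img")." where id=$id");
		if($img){
			@unlink($img['img']);
			@unlink($img['img_big']);
			@unlink($img['img_small']);
		}
		$_SGLOBAL['db']->query("delete from ".tname("product_img")." where id=$id");
	}
	header("location: admin.php?cp=product");
	exit;
} elseif(isset($_POST['action']) && $_POST['action'] == 'admin_member'){
	// --- 1. the logged-in admin edits their own username / password ---
	// Re-authentication with the current password is required. Hashes are
	// compared with ===: a loose == between two md5 hex strings treats
	// digit-only "0e..." hashes as numerically equal (magic-hash bypass).
	// NOTE(review): md5 is not a password hash; password_hash()/verify()
	// would be the fix, but the stored format is shared with login() in
	// common.php and has to be migrated together with it.
	if(!empty($_POST['supe_password']) && $_SGLOBAL['supe_password'] === md5(trim($_POST['supe_password']))){
		$set = array();
		if(!empty($_POST['supe_username']) && trim($_POST['supe_username']) != $_SGLOBAL['supe_username']){
			$new_username = trim($_POST['supe_username']);
			// interpolated: $new_username comes from the form
			$m = $_SGLOBAL['db']->fetch_first("select * from ".tname("admin_member")." where username='".$new_username."'");
			if($m){
				// Name already taken: the whole form is abandoned (as before).
				header("location: admin.php");
				exit;
			}
			$set['username'] = $new_username;
		}
		if(!empty($_POST['supe_newpassword'])){
			$new_password = trim($_POST['supe_newpassword']);
			$confirm = isset($_POST['supe_newpassword1']) ? trim($_POST['supe_newpassword1']) : '';
			if($new_password !== $confirm){
				header("location: admin.php");
				exit;
			}
			$set['password'] = md5($new_password);
		}
		if(!empty($set)){
			updatetable("admin_member", $set, array("uid" => $_SGLOBAL['supe_uid']));
		}
	}

	// --- 2. create a new admin account ---
	if(!empty($_POST['new_username']) && !empty($_POST['new_password'])){
		$new_username = trim($_POST['new_username']);
		// interpolated: $new_username comes from the form
		$m = $_SGLOBAL['db']->fetch_first("select * from ".tname("admin_member")." where username='".$new_username."'");
		if($m){
			header("location: admin.php");
			exit;
		}
		inserttable("admin_member", array("username"=>$new_username, "password"=>md5(trim($_POST['new_password'])), "dateline"=>$_SGLOBAL['timestamp'], "ip"=>getonlineip(), "lastpost"=>$_SGLOBAL['timestamp']));
	}

	// --- 3. per-row edits of the listed admin accounts (keyed by uid) ---
	foreach(admin_post_array('username') as $uid => $posted_username){
		$uid_int = (int)$uid;          // uids are integers; the cast keeps the key out of the SQL
		$username = trim($posted_username);
		$password = admin_post_item('password', $uid);
		$current = $_SGLOBAL['db']->fetch_first("select * from ".tname("admin_member")." where uid='".$uid_int."'");
		// Each row requires that account's current password.
		if(!$current || $current['password'] !== md5($password)){
			continue;
		}
		$set = array();
		if($username !== '' && $username != $current['username']){
			// Bug fix: the original looked up $_POST['supe_username'] here and
			// then tested the wrong variable ($m instead of $m2), so the
			// uniqueness check never applied and a blank name was accepted.
			// interpolated: $username comes from the form
			$clash = $_SGLOBAL['db']->fetch_first("select * from ".tname("admin_member")." where username='".$username."'");
			if(!$clash){
				$set['username'] = $username;
			}
		}
		$newpassword = admin_post_item('newpassword', $uid);
		$newpassword1 = admin_post_item('newpassword1', $uid);
		// Bug fix: the original hashed $_POST['supe_newpassword'] (the
		// logged-in admin's own field) and, with both row fields left blank,
		// '' == '' silently reset the row's password to md5('').
		if($newpassword !== '' && $newpassword === $newpassword1){
			$set['password'] = md5($newpassword);
		}
		if(!empty($set)){
			updatetable("admin_member", $set, array("uid" => $uid_int));
		}
	}
	header("location: admin.php");
	exit;
} else {
	// Page dispatch: `cp` is only honoured when it is a key of $admin_menu,
	// so the include path is allow-listed, never user-composed.
	$cp = isset($_GET['cp']) && array_key_exists($_GET['cp'],$admin_menu)?$_GET['cp']:'index';
	include_once 'admin/'.$cp.'.php';
	exit;
}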